diff --git a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
index ff4601f1a422..cf8354d6d148 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java
@@ -63,6 +63,8 @@ private static String verifyRedirectUri(UriInfo uriInfo, String rootUrl, String
 logger.debug("No Redirect URIs supplied");
 redirectUri = null;
 } else {
+ redirectUri = lowerCaseHostname(redirectUri);
+
 String r = redirectUri.indexOf('?') != -1 ? redirectUri.substring(0, redirectUri.indexOf('?')) : redirectUri;
 Set resolveValidRedirects = resolveValidRedirects(uriInfo, rootUrl, validRedirects);
@@ -96,6 +98,15 @@ private static String verifyRedirectUri(UriInfo uriInfo, String rootUrl, String
 }
 }
+ private static String lowerCaseHostname(String redirectUri) {
+ int n = redirectUri.indexOf('/', 7);
+ if (n == -1) {
+ return redirectUri.toLowerCase();
+ } else {
+ return redirectUri.substring(0, n).toLowerCase() + redirectUri.substring(n);
+ }
+ }
+
 private static String relativeToAbsoluteURI(UriInfo uriInfo, String rootUrl, String relative) {
 if (rootUrl == null) {
 URI baseUri = uriInfo.getBaseUri();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
index 527e2795dcd9..d74812a94468 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
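Review bot: lowerCaseHostname bounds the span it lowercases by a hard-coded offset of 7 and the first '/' after it, so it only does what the commit intends for `http://` URIs that have a path: for `https://` the '/' at index 7 ends the span before the host, leaving the hostname unnormalized, and for a URI with no path the whole string, including any query or fragment, is lowercased. Because the first hunk assigns the result back to redirectUri, that altered query is what verifyRedirectUri carries on with (the method continues outside both hunks); if relative redirect URIs also reach this branch, as the presence of relativeToAbsoluteURI suggests, their paths would be lowercased as well. The bare toLowerCase() is additionally locale-sensitive — under a Turkish default locale 'I' becomes dotless 'ı' and the registered URI no longer matches — so `toLowerCase(Locale.ENGLISH)` is the safe form (java.util.Locale may need importing at the top of the file). A version that locates the authority via "://" and stops at the first of '/', '?' or '#' avoids all three problems; the new tests pass only because they use http URIs with a path and no query.
```java
    private static String lowerCaseHostname(String redirectUri) {
        int schemeEnd = redirectUri.indexOf("://");
        if (schemeEnd == -1) {
            return redirectUri; // relative or scheme-less: nothing to normalize here
        }
        // Scheme and host are case-insensitive; path, query and fragment are not,
        // so stop at the first delimiter that can follow the authority.
        int end = redirectUri.length();
        for (char delimiter : new char[] {'/', '?', '#'}) {
            int i = redirectUri.indexOf(delimiter, schemeEnd + 3);
            if (i != -1 && i < end) {
                end = i;
            }
        }
        return redirectUri.substring(0, end).toLowerCase(Locale.ENGLISH) + redirectUri.substring(end);
    }
```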
@@ -65,8 +65,15 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
 ClientModel installedApp3 = KeycloakModelUtils.createClient(appRealm, "test-wildcard");
 installedApp3.setEnabled(true);
 installedApp3.addRedirectUri("http://example.com/foo/*");
+ installedApp3.addRedirectUri("http://with-dash.example.com/foo/*");
 installedApp3.addRedirectUri("http://localhost:8081/foo/*");
 installedApp3.setSecret("password");
+
+ ClientModel installedApp4 = KeycloakModelUtils.createClient(appRealm, "test-dash");
+ installedApp4.setEnabled(true);
+ installedApp4.addRedirectUri("http://with-dash.example.com");
+ installedApp4.addRedirectUri("http://with-dash.example.com/foo");
+ installedApp4.setSecret("password");
 }
 });
@@ -216,6 +223,27 @@ public void testWildcard() throws IOException {
 checkRedirectUri("http://localhost:8081/foobar", false, true);
 }
+ @Test
+ public void testDash() throws IOException {
+ oauth.clientId("test-dash");
+
+ checkRedirectUri("http://with-dash.example.com/foo", true);
+ }
+
+ @Test
+ public void testDifferentCaseInHostname() throws IOException {
+ oauth.clientId("test-dash");
+
+ checkRedirectUri("http://with-dash.example.com", true);
+ checkRedirectUri("http://wiTh-dAsh.example.com", true);
+ checkRedirectUri("http://with-dash.example.com/foo", true);
+ checkRedirectUri("http://wiTh-dAsh.example.com/foo", true);
+ checkRedirectUri("http://with-dash.eXampLe.com/foo", true);
+ checkRedirectUri("http://wiTh-dAsh.eXampLe.com/foo", true);
+ checkRedirectUri("http://wiTh-dAsh.eXampLe.com/Foo", false);
+ checkRedirectUri("http://wiTh-dAsh.eXampLe.com/foO", false);
+ }
+
 @Test
 public void testLocalhost() throws IOException {
 oauth.clientId("test-installed");
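Review bot: testDifferentCaseInHostname only drives `http://` URIs that carry a path and no query, which is exactly the one URI shape the new lowerCaseHostname scan handles, so the normalization of an https redirect URI or of a URI whose authority is followed directly by a query is left untested. A no-path case such as `checkRedirectUri("http://wiTh-dAsh.example.com?state=ABC", true);` would pin that the query survives untouched, assuming the two-argument checkRedirectUri tolerates a query string (its definition is outside the hunk); an https variant would also need an https URI registered on test-dash in the config hunk, if the test server can serve it. The mixed-case path assertions ("/Foo", "/foO") are the right negative cases and worth keeping, since the path must remain case-sensitive.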